Updating Supermicro BIOS and IPMI From TrueNAS SCALE
02 Apr 2025 -
Steps to Update the BIOS/IPMI on a SuperMicro board
In the process of building a new TrueNAS SCALE machine (more on this soon), I needed to upgrade the firmware on the “new” motherboard. It’s actually an old Supermicro X11 series board from eBay, but for USD$220 I get a 45W TDP Xeon and 64GB of ECC RAM. Good enough, except for one thing: the BIOS was from 2017. There’s been a lot of fixes in the last eight years. Thankfully, things have changed since I last had to reflash a BIOS. No more floppy disks, for one. It’s actually shockingly easy to update these boards from Linux. In the interest of helping myself remember and maybe some other people, here are the steps to follow.
This assumes an install of TrueNAS SCALE (RIP CORE) with SSH access enabled. SSH no longer enabled by default, so go flip those switches. I’m slowly working my way through a post tracking the differences and considerations when upgrading.
HOWTO Update BIOS
Aquire bits
Step one is acquire the BIOS and IPMI images and the Supermicro Update Manager executable. Find your board on Supermicro’s website, hit the link for Resources, scroll down to Software, and click the link to BMC Firmware. (Example link; your motherboard might be different!) Mine held five compressed files for these things:
- Windows/DOS executables
- Linux executables
- BSD executables
- BIOS file
- IPMI file
Don’t know what board you have?
Yeah, it’s actually worth double-triple-checking this. Flashing the wrong BIOS will ruin your day. Thankfully it’s not too hard to figure out.
```truenas% sudo dmidecode -t 2
dmidecode 3.4
Getting SMBIOS data from sysfs. SMBIOS 3.0 present.
Handle 0x0002, DMI type 2, 15 bytes Base Board Information Manufacturer: Supermicro Product Name: X11SSH-GF-1585L Version: 1.01 Serial Number: VM175S500358 Asset Tag: To be filled by O.E.M. Features: Board is a hosting board Board is replaceable Location In Chassis: To be filled by O.E.M. Chassis Handle: 0x0003 Type: Motherboard Contained Object Handles: 0
I like seeing `Board is replaceable`. At the end of the day, aren't we all replaceable?
## Copy to the NAS
Keep the ZIP. Maybe it was automatically decompressed for you, maybe not. Either way, it's simpler to move one file than five. I kept it easy and used `scp` to move the whole ZIP downloaded from Supermicro. Write the file to `/tmp`.
scp ~/Downloads/path/to/the/bundle.zip user@truenashost:’/tmp’
## SSH to host
The rest of these steps will be done via SSH. Connect to the NAS. You may have to enable SSH on TrueNAS if you haven't done so before; while it's probably possible to run this from the GUI-shell it's safer to stick within the terminal.
## Start tmux
Sadly for my muscle memory, `screen` is no longer included in TrueNAS SCALE. You have to switch to `tmux`. Thankfully the basics aren't too hard. Start a session with:
tmux new -s bios
Arguably, this is for the best, since `tmux` sees active development. TrueNAS wants to function like an appliance, even if it is a full Linux system. Just because you can, doesn't mean you should, and iXsystems strongly discourages installing new packages just because you're a dinosaur and don't want to change. Now excuse me while I chase some kids off my lawn.
## Extract
You'll need to unzip and then untar, since the main file is a ZIP. Once unzipped, move into the new directory. Then untar the Linux files (`tar -xvf archive.tar.gz`) and unzip the BIOS file. (`unzip archive.zip`) Why is this a convoluted series of compressed files? Excellent question. The answer lies in what I suspect are a series of cobbled-together scripts that take a bunch of build system outputs and glue them together like a software matryoshka doll. Would it be easier if it was all just one ZIP file? Yes, but bandwidth is cheap now, so we compress the compressed despite it offering no benefits instead of compressing _everything_ with a single compression pass at the end.
Moving along.
## Remount /tmp
Another arguably good win for security is `/tmp` is now mounted with the `noexec` flag set. You can't run the updater from `/tmp` even as root. Thankfully, this is easy enough to temporarily ~fix~ bodge. Simply remount the filesystem: `sudo mount -o remount,exec /tmp`
This _will_ be undone once you restart the system (and everything in `/tmp` will go away too) but that's fine! Now we don't have to remember to undo anything to make it secure again, especially because the system requires a reboot at the end of the flashing process.
By default, tmp is mounted noexec:
#tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noexec,inode64)
$ sudo ./sum $ sudo: unable to execute ./sum: Permission denied $ sudo mount -o remount,exec /tmp $ sudo ./sum « Help text truncated »
## Update the BIOS
Now we're ready to flash the BIOS. Your system is on stable power, preferably a UPS, and your SSH session is being run through tmux. This should prevent issues from a dropped connection or flickering mains power resulting in a half-flashed BIOS, resulting in much whisky (and recovery tools) being needed.
Simply run `sudo ./sum -c UpdateBios --file /tmp/path/to/BIOS.bin`
The process can take a little while. Don't be surprised if it takes 10 minutes. The percentages should slowly increase.
truenas% sudo ./sum -c UpdateBios –file /tmp/bios-update/BIOS_X11SSHG-0958_20240520_2.0_STD.bin Supermicro Update Manager (for UEFI BIOS) 2.14.0 (2024/02/15) (x86_64) Copyright(C) 2013-2024 Super Micro Computer, Inc. All rights reserved.
WARNING: BIOS setting will be reset without option –preserve_setting Reading BIOS flash ………………… (100%) CPUID = 506e3 Checking ME Firmware … Comparing FDT for ROM file and flash…. (100%) FDT is same, Update BIOS and ME(exclude FDT) regions…. Writing BIOS flash ………………… (100%) Verifying BIOS flash ………………. (100%) Checking ME Firmware … Putting ME data to BIOS ……………. (100%) Writing ME region in BIOS flash …
- FDT won’t be updated when ME is not in Manufacturing mode!! BIOS upgrade continues…
- Updated Recovery Loader to OPRx
- Updated FPT, MFSB, FTPR and MFS
- ME Entire Image done WARNING:Must power cycle or restart the system for the changes to take effect! ```
Nearly done
Just like the tool says, you must power cycle the system for the new BIOS to be used. Take a deep breath, it’s out of your hands now. But resist the easy temptation to reboot, for temptation leads the true follower astray and into the hands of arcane electrical gremlins who desire to frustrate you. No, stay strong my friends, and instead be a hero. Power off the system, count to thirty, and then press the power button. We don’t want residual power to have any chance of causing old, no longer valid, pathways to remain available to execution. This is something I was taught as a young systems whisperer, and so now it is my duty to encourage you.
sudo poweroff
The next boot will feel like it takes longer. Maybe it actually does. Time is a human construct, after all. But a moment after you begin to wonder if it’s time to panic, the system will POST, beep in what your human brain interprets to be cheerful, and will soon be running a new BIOS.
Now, for more updating.
Updating IPMI
IPMI is the man behind the curtain, pulling the strings on your computational destiny. It doesn’t matter what it stands for, but we’re going to update it. My system came with a working IPMI, but no password. Fine; these things aren’t really built for the C or I parts of security– IPMI cares about Availability. The first step for me was to reset the password to a known value, so I could log in and upload the new IPMI firmware.
This is the help text from the IPMICFG tool Supermicro distributes; it is useful to skim outside a terminal emulator.
truenas% ./IPMICFG-Linux.x86_64
IPMICFG Version 1.35.2 (Build 240627)
Copyright(c) 2023 Super Micro Computer, Inc.
Usage: IPMICFG params (Example: IPMICFG -m 192.168.1.123)
-help Display a list of commands
truenas% ./IPMICFG-Linux.x86_64 -help
IPMICFG Version 1.35.2 (Build 240627)
Copyright(c) 2023 Super Micro Computer, Inc.
Usage: IPMICFG params (Example: IPMICFG -m 192.168.1.123)
-help Display a list of commands
-m Shows IPv4 address and MAC.
-m <ip> Sets IPv4 address (format: ###.###.###.###).
-a <mac> Sets MAC (format: ##:##:##:##:##:##).
-k Shows Subnet Mask.
-k <mask> Sets Subnet Mask (format: ###.###.###.###).
-dhcp Gets the DHCP status.
-dhcp on Enables the DHCP.
-dhcp off Disables the DHCP.
-g Shows a Gateway IP.
-g <gateway> Sets a Gateway IP (format: ###.###.###.###).
-garp on Enables the Gratuitous ARP.
-garp off Disables the Gratuitous ARP.
-r Performs a BMC cold reset.
Detects if a BMC reset was successfully performed
on the IPMI device, use -d after -r.
-fd <option> Resets to the factory defaults without preserving
configurations.
option: 1 | Preserves User configurations
option: 2 | Restores to factory default and
default password
option: 3 | Sets user defaults to ADMIN/ADMIN
-fdl Resets IPMI to the factory default. (Clean LAN).
-fde Resets IPMI to the factory default. (Clean FRU &
LAN).
-d Detects if a BMC reset was successfully performed
on the IPMI device.
Note that this option can be only used after -r,
-fd, -fdl or -fde
-ver Gets firmware revision.
-vlan Gets VLAN status.
-vlan on [VLAN tag] Enables the VLAN and sets the VLAN tag.
If VLAN tag is not given, it uses the previously
saved value.
-vlan off Disables the VLAN.
-selftest Checks and reports the basic health status of the
BMC.
-raw Sends a RAW IPMI request and prints a response.
Format: NetFn/LUN Cmd [Data1 ... DataN]
-fru info Shows information of the FRU inventory area.
-fru list Shows all FRU values.
-fru cthelp Shows chassis type code.
-fru help Shows help of FRU Write.
-fru <field> Shows FRU field value.
-fru <field> <value> Writes FRU.
-fru backup <file> Backs up FRU to a file <Binary format>.
-fru restore <file> Restores FRU from a file <Binary format>.
-fru tbackup <file> Backs up FRU to a file <Text format>.
-fru trestore <file> Restores FRU from a file <Text format>.
-fru ver <v1> <v2> Gets/Sets the FRU version. (<v1> and <v2> are
BCD-format)
-fru dmi <$1> ... <$14> Inputs 14 parameters and writes to FRU
Chassis/Board/Product fields.
Please use the "-fru dmi" command to view the
parameters.
-sel info Shows SEL information.
-sel list [option] Shows SEL records.
-y <n years> | Filter event logs within n years
-m <n months> | Filter event logs within n months
-d <n days> | Filter event logs within n days
-sel del Deletes all SEL records.
-sel raw Shows SEL raw data.
-sdr [full] Shows SDR records and readings.
-sdr del <sdr id> Deletes the SDR record.
-sdr ver <v1> <v2> Gets/Sets the SDR version. (<v1> and <v2> are
BCD-format)
-nm nmsdr Displays NM SDR.
-nm seltime Gets SEL time.
-nm deviceid Gets the ID of the ME device.
-nm reset Reboots ME.
-nm reset2default Forces ME to reset to default settings.
-nm updatemode Forces ME to enter the update mode.
-nm selftest Gets self-test results.
-nm listimagesinfo Lists ME information of images.
-nm oemgetpower OEM Power command for ME.
-nm oemgettemp OEM Temp. command for ME.
-nm pstate Gets the maximum allowed CPU P-State.
-nm tstate Gets the maximum allowed CPU T-State.
-nm cpumemtemp Gets CPU/memory temperature.
-nm hostcpudata Gets the host CPU data.
-fan Gets the fan mode.
-fan <mode> Sets the fan mode.
-pminfo [full] Displays PMBus health information of power supply.
-psfruinfo Displays FRU health information of power supply.
-psbbpinfo Displays status of the backup battery.
-autodischarge <module> Sets auto discharge by days.
<day>
-discharge <module> Manually discharges a battery.
-user list Lists user privileges.
-user help Shows a user privilege code.
-user add <user id> <name> Adds a user.
<password> <privilege>
-user del <user id> Deletes users.
-user level <user id> Updates user privileges.
<privilege>
-user setpwd <user id> Updates a user password.
<password>
-conf download <file> Downloads IPMI configuration to a binary file.
-conf upload <file> Uploads IPMI configuration from a binary file.
<option> option: -p | Bypass warning message
-conf tdownload <file> Downloads IPMI configuration to a text file.
-conf tupload <file> Uploads IPMI configuration from a text file.
<option> option: -p | Bypass warning message
-clrint Clears chassis intrusion.
-reset <index> Resets system and forces to boot from the selected
device.
-soft <index> Initiates a soft-shutdown for OS and forces system
to boot from the selected device.
-ipv6 mode Shows the IPv6 mode.
-ipv6 mode <mode> Sets the IPv6 mode.
-ipv6 autoconfig Shows IPv6 auto configuration.
-ipv6 autoconfig on Enables IPv6 auto configuration.
-ipv6 autoconfig off Disables IPv6 auto configuration.
-ipv6 list Lists IPv6 static and dynamic addresses.
-ipv6 duid Shows IPv6 DUID.
-ipv6 dns [ip] Gets/Sets IPv6 DNS server.
-ipv6 add <id> <ip> Adds IPv6 static address.
<prefix>
-ipv6 remove <id> Removes IPv6 static address.
-ipv6 route Displays IPv6 static route status.
-ipv6 route on Enables IPv6 static route.
-ipv6 route off Disables IPv6 static route.
-ipv6 route list Lists IPv6 static router information.
-ipv6 route <id> <prefix Sets IPv6 static router information.
value> <prefix length>
<ip>
-ipv6 route clear <id> Clears IPv6 static router information.
-nvme list Displays the existing NVME SSD list.
-nvme info Displays NVME SSD information.
-nvme rescan Rescans all devices by in-band.
-nvme insert <aoc> <group> Inserts SSD by out-of-band.
<slot>
-nvme locate <HDD name> Locates SSD. (in-band)
-nvme locate <aoc> <group> Locates SSD. (out-of-band)
<slot>
-nvme stoplocate <HDD Stops locateing SSD. (in-band)
name>
-nvme stoplocate <aoc> Stops locateing SSD. (out-of-band)
<group> <slot>
-nvme remove <HDD name> Removes NVME device. (in-band)
[option1] [option2] option1: 0 | Do eject after remove (Default)
option1: 1 | Do not eject after remove
option2:-p | Bypass warning message
-nvme remove <aoc> <group> Removes NVME device. (out-of-band)
<slot> [option] option: -p | Bypass warning message
-nvme smartdata [HDD name] NVME S.M.A.R.T data.
-tas info Gets TAS information.
-tas pause Pauses a TAS service.
-tas resume Resumes a TAS service.
-tas refresh Triggers TAS to recollect data.
-tas clear Clears collected TAS data in BMC.
-tas period <sec> Sets the time length of a TAS update <limit 1 to 60
sec>.
-tp info Gets MCU information.
-tp info <type> Gets information of MCU type. (type: 1 - 3)
-tp nodeid Gets a node ID.
-tp systemname [value] Gets/Sets a system name.
-tp systempn [value] Gets/Sets a system P/N.
-tp systemsn [value] Gets/Sets a system S/N.
-tp chassispn [value] Gets/Sets a chassis P/N.
-tp chassissn [value] Gets/Sets a chassis S/N.
-tp backplanepn [value] Gets/Sets a backplane P/N.
-tp backplanesn [value] Gets/Sets a backplane S/N.
-tp nodepn [value] Gets/Sets node P/N.
-tp nodesn [value] Gets/Sets node S/N.
-summary Displays FW and BIOS information.
-hostname [value] Gets/Sets a host name.
-dcmi cap Lists information of DCMI capabilities.
-dcmi power Gets the DCMI power readings.
-dcmi ctl [value] Gets/Sets the DCMI management controller ID string.
-mel list [option] Shows BMC maintenance event log.
-y <n years> | Filter event logs within n years
-m <n months> | Filter event logs within n months
-d <n days> | Filter event logs within n days
-mel download <file> Downloads a BMC maintenance event log to a file.
-mel clear [0|1] Clears a BMC maintenance event log. (without/with
log, default is 0)
-addrptl [option] Gets/Sets IP address protocol.
option: 1 | IPv4
option: 2 | IPv6
option: 3 | Dual
-lockdown Checks the system's lockdown mode.
-lani [option] Gets/Sets LAN interface.
-linkstatus Shows network link status.
Setup
First things first. If you just followed my instructions above, you’ll need to recopy the BIOS/IPMI file over to /tmp and remount it without the noexec flag. Easy stuff.
Users
List the users currently active in the IPMI system with:
truenas% sudo ./IPMICFG-Linux.x86_64 -user list
Maximum number of Users : 10
Count of currently enabled Users : 1
User ID | User Name | Privilege Level | Enable
------- | --------- | --------------- | ------
2 | ADMIN | Administrator | Yes
User ID 0 and 1 are either reserved or unavailable, so this one will go to 11 if you max out the user list.
Set Password
Really simple, but a minimum password length is enforced. The command syntax is -user setpwd <user_number> <password>. If you’re paranoid, then know this will be recorded in your shell history. My suggestion would be to set it to something dumb-but-easy and then reset it once you have regained access to the GUI. Also, as I discovered, there is both a minimum and maximum password length.
truenas% sudo ./IPMICFG-Linux.x86_64 -user setpwd 2 ADMIN
Password must be 8 ~ 20 characters.
truenas% sudo ./IPMICFG-Linux.x86_64 -user setpwd 2 ADMINPASS
Done.
truenas%
Upgrade
Once you’ve reset the password, use a web browser to log in to IPMI. Head to the maintenance section and upload the new IPMI file. This will also take awhile to run, but does not incur system downtime.
References
https://major.io/p/update-supermicro-bios-firmware-from-linux/#update-the-bmc
Wrapup
So there. Hopefully this helps someone else with this task, which is ultimately pretty easy but also not well-documented.